Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3008

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-3008
Last Modified 08 Aug 2011 12:00:00
Published 05 Aug 2011 05:55:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3008

Summary

The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.

Vulnerable Systems

Application

  • Avaya Secure Access Link Gateway 1.5

  • Avaya Secure Access Link Gateway 1.8

  • Avaya Secure Access Link Gateway 2.0


References

CERT-VN - VU#690315

XF - avaya-sal-info-disclosure(68922)

BID - 48942

CONFIRM - http://support.avaya.com/css/P8/documents/100140483


Last Updated: 27 May 2016 10:57:14